DoH is tricky to block since it’s just using https on port 443. The only options are blocklists of known servers and attempting to detect it with deep packet inspection.
Comment on Samsung brings ads to US fridges
MangoPenguin@lemmy.blahaj.zone 1 day ago
Maybe block the DoH endpoint and in theory the device might fall back to normal DNS, dunno if that would work.
cmnybo@discuss.tchncs.de 1 day ago
MangoPenguin@lemmy.blahaj.zone 1 day ago
Yeah gotta inspect the traffic and block whatever hostnames it uses.
WhyJiffie@sh.itjust.works 1 day ago
and also block outgoing connections to port 53 when it’s not the pihole device’s allowed IP
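
The two rules discussed in this thread (plain DNS on port 53 only via the Pi-hole, plus a blocklist of known DoH servers), applied to gateway flow records. This is an added example, not part of any comment above; the Pi-hole address, the flow record format and the three-entry resolver sample are assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumptions for this example (not from the thread): addresses and flow format.
PIHOLE = ipaddress.ip_address("192.168.1.2")
# Tiny sample of public resolvers that also answer DoH; real blocklists are far longer.
DOH_BLOCKLIST = {ipaddress.ip_address(a) for a in ("1.1.1.1", "8.8.8.8", "9.9.9.9")}

# Constructed flow records as a gateway might log them: src dst proto dport
SAMPLE_FLOWS = """\
192.168.1.2 9.9.9.9 udp 53
192.168.1.50 192.168.1.2 udp 53
192.168.1.50 8.8.8.8 udp 53
192.168.1.60 8.8.8.8 tcp 53
192.168.1.50 1.1.1.1 tcp 443
192.168.1.50 203.0.113.10 tcp 443
"""

def verdict(src, dst, proto, dport):
    """Return the action the thread's policy implies for one outbound flow."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if dport == 53:
        # Plain DNS (UDP or TCP) may only involve the Pi-hole.
        if src == PIHOLE or dst == PIHOLE:
            return "allow"
        return "block-plain-dns"
    if dport == 443 and dst in DOH_BLOCKLIST:
        # Protocol is not checked: covers TCP and UDP (HTTP/3) to a listed resolver.
        return "block-doh"
    # Anything else on 443 looks like ordinary HTTPS without deeper
    # inspection, so a DoH server missing from the blocklist passes here.
    return "allow"

def audit(text):
    """Map each client to the set of bypass verdicts seen in its flows."""
    findings = defaultdict(set)
    for line in text.splitlines():
        if not line.strip():
            continue
        src, dst, proto, dport = line.split()
        v = verdict(src, dst, proto, int(dport))
        if v != "allow":
            findings[src].add(v)
    return dict(findings)

if __name__ == "__main__":
    for client, hits in sorted(audit(SAMPLE_FLOWS).items()):
        print(client, sorted(hits))
```

The last sample flow (443 to an address not on the list) is allowed, which is the blocklist limitation raised at the top of the thread.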